So the NSA is spying not only on my Facebook account, but also reading
my mail? Shame on them! Until recently, I was not overly anxious of my
private mails getting into the wrong hands, but things change, don’t
they?

I have my own postfix server up and running, which hosts about 10 mail
addresses, mostly of Longboarding Ulm members. I implemented data
security ‘at transport’ (i.e. TLS and related stuff), but I didn’t care
too much about data security ‘at rest’, namely encryption on disk.

What will happen if my server gets compromised or confiscated? Each and
every mail will be available to the evil-doer. As it is the case with
all standard postfix distributions. And even if I save the mail
directories, say, to an encrypted disk, my password could get
compromised too, or I could be held in jail until I agree to unlock the
data (merry German customs… see Beugehaft / §70 StPO).

This is also the case with most email providers. I came up with the
whole thing after a recent chat with an acquaintance about her mail
provider posteo.de. She was convinced that her emails are safely
encrypted there, and she’s happy to pay the monthly fee of €1. That
doesn’t sound like much, but what do you really get for it? They don’t
require personal details, but so don’t the others - just insert some
bogus into the registration form. They’ve got encryption. Via SSL. In

Wow! I agree that every website that has user accounts should
upgrade login requests to port 443, but the ones that don’t are dull
anyway. So what about the ‘at rest’ encryption that posteo has,
according to my friend? Nonexistent. They store the data on their
server, and that’s it. Staff is advised to respect the users privacy. So
far, the service that I’m offering out of the box and their service are
not that different at all.

The big question is: How do I extend my system to provide ‘at rest’
encryption that is not dependent on me, but on the user (and his
password) only? A quick research led me to GNU and the Anubis software.
It should act as a man-in-the-middle for handing mail to the MTA, i.e.
postfix. Perhaps I can pipe the mail such that each users mail gets
encrypted with his public GPG key and is decrypted only when the
password is transmitted to the server. This scheme is still open to some
attacks (compromised server, sniffed passwords), but it would be better
guarded against confiscation or data leaks. More on that in a
follow-up.